Lucene search
+L

171 matches found

Github Security Blog
Github Security Blog
added 2022/07/15 8:55 p.m.25 views

LTI 1.3 Tool Library's function used to generate random nonces not sufficiently cryptographically complex before v5.0

Impact The function used to generate random nonces was not sufficiently cryptographically complex. As a result values may be predictable and tokens may be forgable. Patches Users should upgrade to version 5.0 immediately Workarounds None...

7.5CVSS7.3AI score0.0042EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/07/15 8:55 p.m.78 views

GHSA-768M-5W34-2XF5 LTI 1.3 Tool Library's function used to generate random nonces not sufficiently cryptographically complex before v5.0

Impact The function used to generate random nonces was not sufficiently cryptographically complex. As a result values may be predictable and tokens may be forgable. Patches Users should upgrade to version 5.0 immediately Workarounds None...

7.5CVSS7.4AI score0.0042EPSS
Exploits0References5
NVD
NVD
added 2022/07/15 6:15 p.m.12 views

CVE-2022-31158

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Users should upgrade to version 5.0 to receive a patch. There are...

7.5CVSS0.00761EPSS
Exploits0References1
NVD
NVD
added 2022/07/15 6:15 p.m.43 views

CVE-2022-31157

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the function used to generate random nonces was not sufficiently cryptographically complex. Users should upgrade to version 5.0 to receive a patch. There are currently no known...

7.5CVSS0.0042EPSS
Exploits0References1
Prion
Prion
added 2022/07/15 6:15 p.m.21 views

Code injection

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the function used to generate random nonces was not sufficiently cryptographically complex. Users should upgrade to version 5.0 to receive a patch. There are currently no known...

5CVSS7.5AI score0.0042EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/07/15 6:15 p.m.15 views

Authentication flaw

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Users should upgrade to version 5.0 to receive a patch. There are...

5CVSS7.5AI score0.00761EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/07/15 5:15 p.m.5 views

CVE-2022-31157 Use of a Broken or Risky Cryptographic Algorithm in packbackbooks/lti-1-3-php-library

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the function used to generate random nonces was not sufficiently cryptographically complex. Users should upgrade to version 5.0 to receive a patch. There are currently no known...

7.5CVSS7.5AI score0.0042EPSS
Exploits0References1
CVE
CVE
added 2022/07/15 5:15 p.m.79 views

CVE-2022-31157

CVE-2022-31157 concerns the packbackbooks/lti-1-3-php-library. Before version 5.0, the nonce generation function was not cryptographically strong, enabling potential predictability of tokens and forgery of tokens. Affected software is the LTI 1.3 Tool Library implemented in PHP; the issue is a cr...

7.5CVSS7.4AI score0.0042EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/07/15 5:15 p.m.52 views

CVE-2022-31157 Use of a Broken or Risky Cryptographic Algorithm in packbackbooks/lti-1-3-php-library

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the function used to generate random nonces was not sufficiently cryptographically complex. Users should upgrade to version 5.0 to receive a patch. There are currently no known...

7.5CVSS7.7AI score0.0042EPSS
Exploits0References1
CVE
CVE
added 2022/07/15 5:15 p.m.76 views

CVE-2022-31158

CVE-2022-31158 affects the packbackbooks/lti-1-3-php-library (LTI 1.3 Tool Library) for PHP. Prior to version 5.0, the Nonce Claim Value was not validated against the nonce in the Authentication Request, enabling a potential authentication bypass/capture-replay scenario as described by multiple s...

7.5CVSS7.5AI score0.00761EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/07/15 5:15 p.m.5 views

CVE-2022-31158 Authentication Bypass by Capture-replay in packbackbooks/lti-1-3-php-library

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Users should upgrade to version 5.0 to receive a patch. There are...

7.5CVSS7.5AI score0.00761EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/07/15 5:15 p.m.21 views

CVE-2022-31158 Authentication Bypass by Capture-replay in packbackbooks/lti-1-3-php-library

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Users should upgrade to version 5.0 to receive a patch. There are...

7.5CVSS7.7AI score0.00761EPSS
Exploits0References1
OSV
OSV
added 2022/07/15 5:15 p.m.17 views

CVE-2022-31158 Authentication Bypass by Capture-replay in packbackbooks/lti-1-3-php-library

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Users should upgrade to version 5.0 to receive a patch. There are...

7.5CVSS7.4AI score0.00761EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/07/15 12:0 a.m.6 views

LTI 1.3 Tool Library 加密问题漏洞

The LTI 1.3 Tool Library is a library of LTI 1.3 tool providers for building IMS certifications in PHP. A security vulnerability exists in the LTI 1.3 Tool Library prior to version 5.0, which stems from LTI 1.3 Tool Library is a library for building LTI 1.3 tool providers for IMS authentication i...

7.5CVSS7.3AI score0.00761EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2022/05/20 11:59 p.m.27 views

CVE-2019-3849

A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site...

8.8CVSS3.2AI score0.00956EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/05/13 1:14 a.m.25 views

Moodle Users could elevate their role when accessing the LTI tool on a provider site

A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site...

8.8CVSS7AI score0.00956EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2022/05/13 1:14 a.m.17 views

GHSA-5WG9-5W3F-HXMH Moodle Users could elevate their role when accessing the LTI tool on a provider site

A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site...

8.8CVSS8.5AI score0.00956EPSS
Exploits0References11
OSV
OSV
added 2022/05/13 1:12 a.m.17 views

GHSA-FRHC-9HWC-X7J3 Moodle allows attackers to obtain sensitive information

mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which allows remote authenticated users to obtai...

4CVSS5.5AI score0.01687EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2022/05/13 1:12 a.m.26 views

Moodle allows attackers to trigger the generation of arbitrary messages

The LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not properly restrict the parameters used in a return URL, which allows remote attackers to trigger the generation of arbitrary messages via a modified URL, related to mod/lti/locallib.php...

5CVSS7.3AI score0.02118EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:12 a.m.26 views

Moodle multiple cross-site request forgery (CSRF) vulnerabilities

Multiple cross-site request forgery CSRF vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for a 1 mod/lti/requesttool.php or 2...

6.8CVSS7.6AI score0.01006EPSS
Exploits0References10Affected Software1
Rows per page
Query Builder